Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

The booming hacking business

A dramatic increase in hacking

It's a good time to be a malicious hacker. That's because even though it's not a time of revolutionary new techniques in hacking for profit, business is booming for the established methods. Despite increased investment in information security defenses, the good guys continue to lag badly behind. According to one report by Sophos, which called the recent uptick in ­malware a "deluge," by April 2007, more than 250,000 websites were hosting malicious code and more than 8,000 were being added to that total every day.

A sample of the deluge:

Hackers compromised Google AdWords so that links on certain sponsored ads were redirected to the attackers' website first, where an attempt was made to install a keylogging bot.

Zero-day exploits in Windows were discovered, including a critical flaw in animated cursor files that would allow an attacker to commandeer a PC.

Incidents of iFrame malware--code that lives in an invisible-to-the-eye frame on a website and delivers bots onto the PCs of people visiting the site--have increased.

Credential-stealing bots like Gozi and Torpig continued to troll for personal banking information on infected computers.

A hacker won US$10,000 breaking into a Mac through the Safari browser, which was followed by Apple releasing a patch for 25 vulnerabilities.

A researcher announced she is planning to demo ways to install rootkits and perform encryption attacks on Microsoft's new Windows Vista product at this summer's Black Hat conference.

A 17-year-old was charged with hacking into AOL, using a phishing scheme against AOL employees and using unauthorized instant messaging accounts, with the intent to transfer confidential data.

The only response for many information security professionals is to stay on top of the latest developments and prioritize response according to need. But that's getting harder to do with the sheer volume of information on new attacks.

Many are also met by apathy or skepticism when trying to shed light on the problems. "It is hard to discuss solutions when no one believes there is a problem," says Eric Hacker, a CISSP who works for a technology company. "The culture cannot mix security and business for whatever reason."

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: AOL, Apple, Good Guys, Google, Microsoft, Sophos

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • Security Threat Report 2012
    This threat report shares the latest research on hacktivism, online threats, mobile malware, cloud computing, and social network security looking ahead to the coming year.
    Learn more »
  • 2012 Data Backup Strategy Guide
    Articles include: 10 best cloud backup strategies for biz continuity, Disk or tape? How about both, Protect Your Backup Data from Murphy’s Law, Back up without crashing.
    Learn more »
  • Eight threats your antivirus won’t stop - Why you need endpoint security
    News headlines are a constant reminder that malware attacks and data loss are on the rise. High-profile incidents that make big news might seem out of the ordinary. Yet businesses of every size face similar risks in the everyday acts of using digital technology and the Internet for legitimate purposes. This paper outlines eight common threats that traditional antivirus alone won’t stop, and explains how to protect your organisation using endpoint security.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.

HP and IDG news, product videos and resources